Navigating changes in cybersecurity tactics can be daunting for organizations of any size. However, with the recent release of the NIST Cybersecurity Framework 2.0 (CSF), companies aligning with the NIST framework can take advantage of several significant changes. These updates represent a positive step toward modernization and emphasize a holistic approach by integrating cybersecurity into organizational risk management. Two key updates include the emphasis on governance and the importance of considering supply chain security.

The importance of governance

The introduction of the ‘Govern’ function in the framework signifies the increasing need for executive and board involvement in cybersecurity. This change underscores the pivotal role of leadership in managing cybersecurity risks and aligning security strategies with broader business goals. Organizations are urged to initiate conversations with their leadership teams to fully grasp the advantages the governance function can bring to their cybersecurity programs.

“Governance activities are crucial for integrating cybersecurity into an organization’s enterprise risk management strategy. GOVERN focuses on organizational context, cybersecurity strategy, supply chain risk management, roles, responsibilities, policy, and oversight.”

New emphasis on supply chain security

The CSF 2.0 highlights the importance of supply chain security. Given increasing risks, organizations are compelled to evaluate and manage the vulnerabilities posed by their suppliers and third-party partners. Assessing suppliers’ cybersecurity stance, pinpointing such vulnerabilities, and ensuring that risks are not passed on to the organization are vital steps towards bolstering supply chain security.

“Supply chain risk management is crucial due to complex relationships. Cybersecurity SCRM (C-SCRM) is a systematic process to manage cybersecurity risks across supply chains. Key requirement: ‘GV.SC-06: Planning and due diligence for risk reduction in supplier relationships.’”

Implement CSF 2.0

As organizations strive to implement the latest version of the NIST Cybersecurity Framework, it is essential to leverage all available resources provided by NIST and other organizations. These resources, including organizational and community profiles, can help companies tailor the framework to their specific needs and requirements. Additionally, organizations should confirm that their vendors and cybersecurity management tools are aligned with the updated framework to ensure comprehensive support for their cybersecurity initiatives.

The NIST Cybersecurity Framework 2.0 presents organizations with an opportunity to enhance their cybersecurity maturity and posture. By adding governance and supply chain security, companies can strengthen their overall cybersecurity resilience and better protect their assets from evolving threats. Embracing and proactively addressing these changes will be vital to effectively navigating complex cybersecurity challenges.

A comprehensive platform to help implement CSF 2.0

Immersive Labs provides a comprehensive platform to help organizations navigate and align with the new NIST Cybersecurity Framework 2.0. Through our interactive labs, collections, and activities, users can gain hands-on experience and practical skills in governance, supply chain security, and other key aspects of the framework. By engaging with our tailored content, users can enhance their understanding of cybersecurity best practices and apply them effectively in real-world scenarios. 

Immersive Labs’ dynamic learning environment empowers individuals and teams to upskill, adapt to changes in cybersecurity, and strengthen their overall cybersecurity posture in alignment with the latest industry standards, such as the NIST framework.



March 18, 2024


Gregg Ogden